Changes with nginx 1.28.1                                        23 Dec 2025

*) Security: processing of a specially crafted login/password when using
   the "none" authentication method in the ngx_mail_smtp_module might
   cause worker process memory disclosure to the authentication server
   (CVE-2025-53859).

*) Bugfix: a segmentation fault might occur in a worker process if the
   "try_files" directive and "proxy_pass" with a URI were used.

*) Bugfix: in handling "Host" and ":authority" header lines with equal
   values when using HTTP/2; the bug had appeared in 1.17.9.

*) Bugfix: in handling "Host" header lines with a port when using
   HTTP/3.

*) Bugfix: an XCLIENT command didn't use the xtext encoding.
   Thanks to Igor Morgenstern of Aisle Research.

*) Bugfix: in SSL certificate caching during reconfiguration.

*) Bugfix: in delta-seconds processing in the "Cache-Control" backend
   response header line.

*) Change: the native nginx/Windows binary release is now built using
   Windows SDK 10.

*) Bugfix: nginx could not be built on NetBSD 10.0.

*) Bugfix: in HTTP/3.
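
The xtext encoding named in the XCLIENT entry above, as an added example that is not nginx code and not part of the original changelog. It assumes xtext as defined in RFC 3461 section 4; the function names and sample values are constructed for illustration.

```python
"""xtext encoder/decoder for XCLIENT attribute values (illustrative only)."""

HEX = "0123456789ABCDEF"


def xtext_encode(value: bytes) -> str:
    """Keep xchar bytes ('!'..'~' except '+' and '='); emit the rest as +HH."""
    out = []
    for b in value:
        if 33 <= b <= 126 and b not in (0x2B, 0x3D):
            out.append(chr(b))
        else:
            out.append("+%02X" % b)  # upper-case hex, as the grammar requires
    return "".join(out)


def xtext_decode(text: str) -> bytes:
    """Strict decoder: rejects raw space, '=', control and non-ASCII characters."""
    out = bytearray()
    i = 0
    while i < len(text):
        ch = text[i]
        if ch == "+":
            pair = text[i + 1:i + 3]
            if len(pair) != 2 or pair[0] not in HEX or pair[1] not in HEX:
                raise ValueError("bad hexchar at offset %d" % i)
            out.append(int(pair, 16))
            i += 3
        elif 33 <= ord(ch) <= 126 and ch != "=":
            out.append(ord(ch))
            i += 1
        else:
            raise ValueError("character not allowed in xtext at offset %d" % i)
    return bytes(out)


def xclient_line(attrs: dict) -> str:
    """Build one XCLIENT command; every value is encoded, so it cannot
    contain the space or '=' that delimit attributes, nor CR/LF."""
    parts = ["%s=%s" % (name, xtext_encode(val)) for name, val in attrs.items()]
    return "XCLIENT " + " ".join(parts) + "\r\n"


if __name__ == "__main__":
    # Constructed sample: a login containing a space, '+' and '='.
    print(repr(xclient_line({"ADDR": b"192.0.2.10",
                             "LOGIN": b"alice smith+test=1"})))
```
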
This update's test gating status has been changed to 'waiting'.
This update's test gating status has been changed to 'ignored'.
This update's test gating status has been changed to 'waiting'.
This update's test gating status has been changed to 'ignored'.
This update has been submitted for stable by bodhi